From f0c2aeaf3d5d7279fc0630db2f809cd58a5395b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 28 Aug 2004 15:46:57 +1000 Subject: - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. --- openbsd-compat/mktemp.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index aff8d2005..969f69580 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -40,11 +40,6 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_CYGWIN -#define open binary_open -extern int binary_open(); -#endif - static int _gettemp(char *, int *, int, int); int -- cgit v1.2.3 From f00e51d1f2ea01c33d5548b79a86c44036b90aae Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 16:12:29 +1000 Subject: - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ --- ChangeLog | 7 ++++++- openbsd-compat/getrrsetbyname.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 74fea6302..8302ee1d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20040829 + - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from + failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. + From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@ + 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from vinschen at redhat.com. @@ -1664,4 +1669,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3521 2004/08/28 06:17:35 dtucker Exp $ +$Id: ChangeLog,v 1.3522 2004/08/29 06:12:29 dtucker Exp $ 
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 660427c1f..4e869c4df 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { + if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } -- cgit v1.2.3 From 5a88d003499744a374ec39279f4c6ec3971b5dab Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 21:43:33 +1000 Subject: - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for accounts with authentication configs that sshd can't support (ie SYSTEM=NONE and AUTH1=something). --- ChangeLog | 5 ++++- openbsd-compat/port-aix.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index a8192cf58..a2f03d437 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,9 @@ - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 too; patch from cmadams at hiwaay.net. - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. + - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for + accounts with authentication configs that sshd can't support (ie + SYSTEM=NONE and AUTH1=something). 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1704,4 +1707,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3535 2004/08/29 11:18:09 dtucker Exp $ +$Id: ChangeLog,v 1.3536 2004/08/29 11:43:33 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 78f4faea3..e7eb179ec 100644 --- a/openbsd-compat/port-aix.c 
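Review bot: In the signature allocation of getrrsetbyname(), the new `rrset->rri_nsigs > 0 &&` guard leaves `rrset->rri_sigs` in one of two states for an empty signature set: NULL where calloc(0, ...) returns NULL, and a zero-size allocation elsewhere. Any later code that touches `rri_sigs` without first checking `rri_nsigs` would then behave differently per platform; the function continues outside the hunk, so this cannot be confirmed from here. Skipping the call in the empty case makes the state uniform, e.g. `rrset->rri_sigs = rrset->rri_nsigs ? calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)) : NULL;`. A comment such as `/* calloc(0, n) may legitimately return NULL */` would also explain the guard.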
+++ b/openbsd-compat/port-aix.c @@ -1,6 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -91,6 +92,59 @@ aix_remove_embedded_newlines(char *p) *p = '\0'; } +/* + * Test specifically for the case where SYSTEM == NONE and AUTH1 contains + * anything other than NONE or SYSTEM, which indicates that the admin has + * configured the account for purely AUTH1-type authentication. + * + * Since authenticate() doesn't check AUTH1, and sshd can't sanely support + * AUTH1 itself, in such a case authenticate() will allow access without + * authentation, which is almost certainly not what the admin intends. + * + * (The native tools, eg login, will process the AUTH1 list in addition to + * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods + * have been deprecated since AIX 4.2.x and would be very difficult for sshd + * to support. + * + * Returns 0 if an unsupportable combination is found, 1 otherwise. + */ +static int +aix_valid_authentications(const char *user) +{ + char *auth1, *sys, *p; + int valid = 1; + + if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { + logit("Can't retrieve attribute SYSTEM for %s: %.100s", + user, strerror(errno)); + return 0; + } + + debug3("AIX SYSTEM attribute %s", sys); + if (strcmp(sys, "NONE") != 0) + return 1; /* not "NONE", so is OK */ + + if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { + logit("Can't retrieve attribute auth1 for %s: %.100s", + user, strerror(errno)); + return 0; + } + + p = auth1; + /* A SEC_LIST is concatenated strings, ending with two NULs. */ + while (p[0] != '\0' && p[1] != '\0') { + debug3("AIX auth1 attribute list member %s", p); + if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { + logit("Account %s has unsupported auth1 value '%s'", + user, p); + valid = 0; + } + p += strlen(p) + 1; + } + + return (valid); +} + /* * Do authentication via AIX's authenticate routine. We loop until the * reenter parameter is 0, but normally authenticate is called only once. 
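Review bot: The list walk in aix_valid_authentications() can stop before it has examined every member: `while (p[0] != '\0' && p[1] != '\0')` ends the loop as soon as a member is a single character long, so that member and everything after it in the AUTH1 list is never compared and `valid` stays 1. This function is the check that keeps AUTH1-only accounts from being admitted, so it should fail closed; the list terminator is an empty string, which makes `while (*p != '\0') {` sufficient. The second comparison is written without `!= 0`, unlike the first (`strcmp(p, "SYSTEM") != 0` would match it). The header comment has the typo "authentation" and an opening parenthesis that is never closed.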
@@ -112,6 +166,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) authmsg); } while (reenter); + if (!aix_valid_authentications(name)) + result = -1; + if (result == 0) { authsuccess = 1; -- cgit v1.2.3 From 14c372d49d49a21107c72b7c238cf9e5a01b80ab Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 30 Aug 2004 20:42:08 +1000 Subject: - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only copy required environment variables on Cygwin. Patch from vinschen at redhat.com, ok djm@ --- ChangeLog | 7 +++++- openbsd-compat/bsd-cygwin_util.c | 54 ++++++++++++++++++++++++++++++++++++++-- openbsd-compat/bsd-cygwin_util.h | 4 ++- session.c | 8 +++++- 4 files changed, 68 insertions(+), 5 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index a2f03d437..0e7cc0cd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20040830 + - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only + copy required environment variables on Cygwin. Patch from vinschen at + redhat.com, ok djm@ + 20040829 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL. @@ -1707,4 +1712,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3536 2004/08/29 11:43:33 dtucker Exp $ +$Id: ChangeLog,v 1.3537 2004/08/30 10:42:08 dtucker Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 92cdba6e0..f53abb6e2 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); #ifdef HAVE_CYGWIN 
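Review bot: The added check in sys_auth_passwd() carries no comment saying why a result from authenticate() is being overridden; the reason is explained only on the helper's own header comment. A short comment at the call would help, for example `/* authenticate() ignores AUTH1; refuse accounts that rely on it */`. The check also runs on attempts that authenticate() has already rejected, so the helper's logit() lines will appear for ordinary failed logins too; `if (result == 0 && !aix_valid_authentications(name))` would give the same outcome with less log noise, if that is preferred. The function body starts and ends outside the hunk.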
@@ -38,6 +38,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); #include #include #include +#include "xmalloc.h" #define is_winnt (GetVersion() < 0x80000000) #define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) @@ -96,7 +97,6 @@ has_capability(int what) */ if (!inited) { struct utsname uts; - char *c; if (!uname(&uts)) { int major_high = 0, major_low = 0, minor = 0; @@ -236,4 +236,54 @@ register_9x_service(void) RegisterServiceProcess(0, 1); } +#define NL(x) x, (sizeof (x) - 1) +#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) + +static struct wenv { + const char *name; + size_t namelen; +} wenv_arr[] = { + { NL("ALLUSERSPROFILE=") }, + { NL("COMMONPROGRAMFILES=") }, + { NL("COMPUTERNAME=") }, + { NL("COMSPEC=") }, + { NL("NUMBER_OF_PROCESSORS=") }, + { NL("OS=") }, + { NL("PATH=") }, + { NL("PATHEXT=") }, + { NL("PROCESSOR_ARCHITECTURE=") }, + { NL("PROCESSOR_IDENTIFIER=") }, + { NL("PROCESSOR_LEVEL=") }, + { NL("PROCESSOR_REVISION=") }, + { NL("PROGRAMFILES=") }, + { NL("SYSTEMDRIVE=") }, + { NL("SYSTEMROOT=") }, + { NL("TMP=") }, + { NL("TEMP=") }, + { NL("WINDIR=") }, +}; + +char ** +fetch_windows_environment(void) +{ + char **e, **p; + int i, idx = 0; + + p = xmalloc(WENV_SIZ * sizeof(char *)); + for (e = environ; *e != NULL; ++e) { + for (i = 0; i < WENV_SIZ; ++i) { + if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) + p[idx++] = *e; + } + } + p[idx] = NULL; + return p; +} + +void +free_windows_environment(char **p) +{ + xfree(p); +} + #endif /* HAVE_CYGWIN */ diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 5ccb0fba2..6719b8a49 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */ /* * Copyright (c) 2000, 2001, Corinna Vinschen 
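Review bot: fetch_windows_environment() in bsd-cygwin_util.c can write past the end of its array: `p` has room for WENV_SIZ pointers, but the terminating `p[idx] = NULL` needs one more slot when every listed variable is present, and nothing bounds `idx` if environ holds more matching entries than the table has rows. Allocate `xmalloc((WENV_SIZ + 1) * sizeof(char *))`, leave the inner loop with `break` after the first table match, and stop storing once `idx == WENV_SIZ`. `i` is an int compared against the size_t value WENV_SIZ; `size_t i` avoids the signed/unsigned comparison. The returned array borrows its strings from environ, which deserves a comment above free_windows_environment() because that function frees only the array.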
@@ -46,6 +46,8 @@ int binary_pipe(int fd[2]); int check_nt_auth(int, struct passwd *); int check_ntsec(const char *); void register_9x_service(void); +char **fetch_windows_environment(void); +void free_windows_environment(char **); #define open binary_open #define pipe binary_pipe diff --git a/session.c b/session.c index ee4008acf..89e1ec892 100644 --- a/session.c +++ b/session.c @@ -979,7 +979,13 @@ do_setup_env(Session *s, const char *shell) * The Windows environment contains some setting which are * important for a running system. They must not be dropped. */ - copy_environment(environ, &env, &envsize); + { + char **p; + + p = fetch_windows_environment(); + copy_environment(p, &env, &envsize); + free_windows_environment(p); + } #endif #ifdef GSSAPI -- cgit v1.2.3 From 50fbb45dbd2f95f95c959dc03663b213b4aac2aa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 21 Sep 2004 21:32:12 +1000 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/bsd-snprintf.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 77b8fd160..982e229a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040921 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. + ok djm@ + 20040912 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file. No change in resultant binary @@ -1744,4 +1748,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3552 2004/09/12 12:36:15 dtucker Exp $ +$Id: ChangeLog,v 1.3553 2004/09/21 11:32:12 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index e4d8a439a..aea501c6f 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c 
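Review bot: The comment above the new block in do_setup_env() (session.c) still reads as if the whole Windows environment were carried over, while the code now copies only the names listed in fetch_windows_environment(). Extending it with a sentence such as `Only the variables Windows itself needs are copied; everything else in sshd's environment is left out.` would record what is presumably the intent of the allowlist. It would also help to say there that `p` holds pointers borrowed from environ, so copy_environment() has to duplicate the strings before free_windows_environment() runs. do_setup_env() begins and ends outside the hunk.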
@@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.8 2004/09/21 11:32:13 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = ""; - for (strln = 0; value[strln]; ++strln); /* strlen */ + for (strln = 0; strln <= max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; -- cgit v1.2.3 From 4127f559ada4573e66c0e55dc920147d73e48974 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 23 Sep 2004 21:35:09 +1000 Subject: - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, which could have caused the justification to be wrong. ok djm@ --- ChangeLog | 6 +++++- openbsd-compat/bsd-snprintf.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index efcb44c0b..66f9c36cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040923 + - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, + which could have caused the justification to be wrong. ok djm@ + 20040921 - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too. ok djm@ @@ -1750,4 +1754,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3554 2004/09/21 11:35:55 dtucker Exp $ +$Id: ChangeLog,v 1.3555 2004/09/23 11:35:09 dtucker Exp $ diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index aea501c6f..b5a7ef7a0 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c 
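Review bot: In fmtstr() the new bound `strln <= max` still examines `value[max]`, one byte beyond the precision limit, and can leave `strln` at `max + 1`. For a precision-limited argument that is not NUL-terminated within `max` bytes this is a one-byte over-read, and the larger `strln` makes `padlen = min - strln` one too small. The condition should be `strln < max && value[strln]`. The declarations of `strln` and `max` are outside the hunk, so whether `max` can be negative at this point cannot be confirmed from this view.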
@@ -58,7 +58,7 @@ #include "includes.h" -RCSID("$Id: bsd-snprintf.c,v 1.8 2004/09/21 11:32:13 dtucker Exp $"); +RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); #if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ # undef HAVE_SNPRINTF @@ -369,7 +369,7 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen, if (value == 0) value = ""; - for (strln = 0; strln <= max && value[strln]; ++strln); /* strlen */ + for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; -- cgit v1.2.3 From dbc2296e2c4af222f079cb400d75797b566caab6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 6 Oct 2004 23:15:44 +1000 Subject: - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants to void * to appease picky compilers (eg Tru64's "cc -std1"). --- ChangeLog | 4 +++- monitor_mm.c | 2 +- openbsd-compat/xmmap.c | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 975637071..6baa4bc66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. + - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants + to void * to appease picky compilers (eg Tru64's "cc -std1"). 20040930 - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ @@ -1761,4 +1763,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3557 2004/10/06 10:09:32 dtucker Exp $ +$Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ diff --git a/monitor_mm.c b/monitor_mm.c index ff523a5b1..b0ec37cff 100644 --- a/monitor_mm.c +++ b/monitor_mm.c 
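Review bot: The loop in fmtstr() is still commented only as `/* strlen */`, which no longer describes it now that the scan is capped by the precision. A comment such as `/* length of value, never looking past max (precision) bytes */` would keep a later cleanup from replacing the loop with a plain strlen() call and bringing back the unbounded read. The empty loop body behind the trailing `;` is also easy to misread; putting the `;` on its own line makes it explicit.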
@@ -92,7 +92,7 @@ mm_create(struct mm_master *mmalloc, size_t size) mm->mmalloc = mmalloc; address = xmmap(size); - if (address == MAP_FAILED) + if (address == (void *)MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); mm->address = address; diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c index c8d59dee0..74e8a8b13 100644 --- a/openbsd-compat/xmmap.c +++ b/openbsd-compat/xmmap.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */ +/* $Id: xmmap.c,v 1.6 2004/10/06 13:15:44 dtucker Exp $ */ #include "includes.h" @@ -47,7 +47,7 @@ void *xmmap(size_t size) # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == MAP_FAILED) { + if (address == (void *)MAP_FAILED) { char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; int tmpfd; mode_t old_umask; -- cgit v1.2.3 From ad7646a59ab05ed9d6c156ba952725f44c02de7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 10:43:59 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ --- ChangeLog | 6 ++++- configure.ac | 8 +++--- openbsd-compat/realpath.c | 69 ++++++++++++++++++++++++++++++++++------------- 3 files changed, 60 insertions(+), 23 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 301921de1..eb897ec41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some platforms syslog will revert to its default values. This may result in 
@@ -2051,4 +2055,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3628 2005/02/01 08:16:45 dtucker Exp $ +$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ diff --git a/configure.ac b/configure.ac index d4151feb0..94d6b1e78 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.235 2005/01/18 01:05:18 dtucker Exp $ +# $Id: configure.ac,v 1.236 2005/02/01 23:44:00 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -877,9 +877,9 @@ AC_ARG_WITH(libedit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ - bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \ - futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getpeereid _getpty getrlimit getttyent glob inet_aton \ + bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ + freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ + getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 218fbecb2..7f73bd998 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -37,7 +37,7 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $"; +static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include 
@@ -67,17 +67,25 @@ char * realpath(const char *path, char *resolved) { struct stat sb; - int fd, n, needslash, serrno = 0; - char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int fd, n, needslash, serrno; + char *p, *q, wbuf[MAXPATHLEN]; int symlinks = 0; /* Save the starting point. */ - getcwd(start,MAXPATHLEN); +#ifndef HAVE_FCHDIR + char start[MAXPATHLEN]; + /* this is potentially racy but without fchdir we have no option */ + if (getcwd(start, sizeof(start)) == NULL) { + resolved[0] = '.'; + resolved[1] = '\0'; + return (NULL); + } +#endif if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + resolved[0] = '.'; + resolved[1] = '\0'; return (NULL); } - close(fd); /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ if (path[0] == '.' && path[1] == '\0') @@ -91,7 +99,10 @@ realpath(const char *path, char *resolved) * if it is a directory, then change to that directory. * get the current directory name and append the basename. */ - strlcpy(resolved, path, MAXPATHLEN); + if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err2; + } loop: q = strrchr(resolved, '/'); if (q != NULL) { @@ -114,11 +125,10 @@ loop: if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { if (++symlinks > MAXSYMLINKS) { - serrno = ELOOP; + errno = ELOOP; goto err1; } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) + if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) goto err1; resolved[n] = '\0'; goto loop; @@ -134,8 +144,11 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) + if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { + errno = ENAMETOOLONG; + goto err1; + } + if (getcwd(resolved, MAXPATHLEN) == NULL) goto err1; /* 
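Review bot: The error handling in realpath() now follows two conventions and nothing in the code says which applies where: the first strlcpy() failure sets `serrno` and jumps to err2, while the later failures set `errno` and jump to err1. As far as these hunks show, the difference is that no chdir() has happened yet at the first site, so there is no directory to restore. A comment there, e.g. `/* no chdir() done yet, so skip the cwd restore at err1 */`, would make that visible. Because `fd` now stays open for the whole call, any `return` between open() and the labels that lies outside these hunks would leak the descriptor, which is worth checking against the full function.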
@@ -149,23 +162,43 @@ loop: if (*wbuf) { if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { - serrno = ENAMETOOLONG; + errno = ENAMETOOLONG; + goto err1; + } + if (needslash) { + if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; + goto err1; + } + } + if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; goto err1; } - if (needslash) - strlcat(resolved, "/", MAXPATHLEN); - strlcat(resolved, wbuf, MAXPATHLEN); } /* Go back to where we came from. */ +#ifdef HAVE_FCHDIR + if (fchdir(fd) < 0) { +#else if (chdir(start) < 0) { +#endif serrno = errno; goto err2; } + + /* It's okay if the close fails, what's an fd more or less? */ + (void)close(fd); return (resolved); -err1: chdir(start); -err2: errno = serrno; +err1: serrno = errno; +#ifdef HAVE_FCHDIR + (void)fchdir(fd); +#else + chdir(start); +#endif +err2: (void)close(fd); + errno = serrno; return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 42d9dc75ed2eefa6eeffc892f02eb164c1860603 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 17:10:11 +1100 Subject: - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@ --- ChangeLog | 6 +++++- auth.c | 7 +++++-- loginrec.h | 4 +++- openbsd-compat/bsd-cray.c | 4 ++-- openbsd-compat/bsd-cray.h | 6 +++--- openbsd-compat/port-aix.c | 7 +------ openbsd-compat/port-aix.h | 3 +-- 7 files changed, 20 insertions(+), 17 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index eb897ec41..82758ca10 100644 --- a/ChangeLog +++ b/ChangeLog 
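Review bot: On the err1 path of realpath() the attempt to return to the starting directory is not checked: `(void)fchdir(fd);` in one branch and a bare `chdir(start);` in the fallback. If that call fails, realpath() returns NULL with the original errno while the process stays in whatever directory the walk had reached, and later relative path operations in the caller resolve from there. There may be no good recovery, but the limitation should be stated in a comment at the label, and the fallback should at least match the other branch as `(void)chdir(start);`. The `#ifdef HAVE_FCHDIR` around the two `if (...) {` openers on the success path also makes brace matching depend on the preprocessor; storing the call's result in a local and testing it once after the `#endif` would avoid that.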
@@ -1,6 +1,10 @@ 20050202 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2055,4 +2059,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ +$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ diff --git a/auth.c b/auth.c index 4698e3990..dfc1be374 100644 --- a/auth.c +++ b/auth.c @@ -50,6 +50,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #include "misc.h" #include "bufaux.h" #include "packet.h" +#include "loginrec.h" /* import */ extern ServerOptions options; @@ -244,7 +245,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && strcmp(method, "password") == 0) - record_failed_login(authctxt->user, "ssh"); + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); #endif } @@ -468,7 +470,8 @@ getpwnamallow(const char *user) logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, "ssh"); + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); #endif return (NULL); } diff --git a/loginrec.h b/loginrec.h index 6b7233256..d1a12a853 100644 --- a/loginrec.h +++ b/loginrec.h 
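Review bot: Both new record_failed_login() calls in auth.c (in auth_log() and in getpwnamallow()) pass `get_canonical_hostname(options.use_dns)`, so the platform's failed-login record identifies the client by a DNS-derived name when that option is on, whereas the logit() line directly above the call in getpwnamallow() records `get_remote_ipaddr()`. The two records of the same failed attempt can therefore name the client differently, which complicates correlation during an investigation. If this is intended (it matches what the AIX implementation did internally before this change), a comment at the call sites should say so; otherwise passing the address keeps the records consistent. Both functions extend beyond their hunks.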
@@ -35,7 +35,7 @@ #include #include -/* RCSID("$Id: loginrec.h,v 1.8 2005/01/20 11:07:30 dtucker Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -132,4 +132,6 @@ char *line_fullname(char *dst, const char *src, int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); +void record_failed_login(const char *, const char *, const char *); + #endif /* _HAVE_LOGINREC_H_ */ diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index f630366be..d1f1c059c 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $ + * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ * * bsd-cray.c * @@ -171,7 +171,7 @@ cray_access_denied(char *username) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { cray_login_failure((char *)user, IA_UDBERR); } diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index de6ba1a8d..774eceb5a 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm ) @@ -42,10 +42,10 @@ void cray_init_job(struct passwd *); void cray_job_termination_handler(int); void cray_login_failure(char *, int ); int cray_access_denied(char *); -#define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); extern char cray_tmpdir[]; +#define CUSTOM_FAILED_LOGIN 1 + #ifndef IA_SSHD # define IA_SSHD IA_LOGIN #endif 
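Review bot: The prototype added to loginrec.h takes three unnamed `const char *` parameters, so nothing at the declaration tells a caller which one is the host and which the tty, and the compiler cannot catch a swap. Naming them as the definitions do, `void record_failed_login(const char *user, const char *hostname, const char *ttyname);`, documents the order. In bsd-cray.c the new `hostname` argument is accepted but unused, as `ttyname` already was; a short comment there would show that this is deliberate.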
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index e7eb179ec..79d180211 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -28,8 +28,6 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" @@ -38,7 +36,6 @@ #include #include "port-aix.h" -extern ServerOptions options; extern Buffer loginmsg; # ifdef HAVE_SETAUTHDB @@ -280,10 +277,8 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 29e9751ce..751139004 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ /* * @@ -68,7 +68,6 @@ int sys_auth_allowed_user(struct passwd *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 int sys_auth_record_login(const char *, const char *, const char *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); -- cgit v1.2.3 From b4d3012d2e9a0eb53c56565108c8278e45cefc77 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Feb 2005 21:06:55 +1100 Subject: - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. --- ChangeLog | 3 ++- openbsd-compat/port-aix.c | 15 +++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 841c7bd32..89424da03 100644 --- a/ChangeLog +++ b/ChangeLog 
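Review bot: With the prototype removed from port-aix.h, the definition of record_failed_login() in port-aix.c is checked against the declaration in loginrec.h only if that header is included, and it does not appear among the includes visible in the first hunk of this file. If nothing else pulls it in, the definition compiles without a prototype in scope and a future signature mismatch with the callers in auth.c would go undiagnosed. Adding `#include "loginrec.h"` next to the other project headers would close that gap. The include list and the function body both continue outside the hunks.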
@@ -2,6 +2,7 @@ - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me. + - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 20050204 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. @@ -2081,4 +2082,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3637 2005/02/08 09:17:17 dtucker Exp $ +$Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 79d180211..27ab06158 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -36,6 +36,10 @@ #include #include "port-aix.h" +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); + extern Buffer loginmsg; # ifdef HAVE_SETAUTHDB @@ -49,6 +53,8 @@ static char old_registry[REGISTRY_SIZE] = ""; * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ + + void aix_usrinfo(struct passwd *pw) { @@ -260,10 +266,10 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) int success = 0; aix_setauthdb(user); - if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { + if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; if (msg != NULL) { - debug("AIX/loginsuccess: msg %s", __func__, msg); + debug("AIX/loginsuccess: msg %s", msg); buffer_append(&loginmsg, msg, strlen(msg)); xfree(msg); } 
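Review bot: The hand-written declarations `int usrinfo(int, char *, int);` and `int setauthdb(const char *, char *);` in port-aix.c are added unconditionally, so they also take effect on systems whose headers do declare these functions. If a system header declares either one with different parameter types the build breaks, and if the guessed types are wrong on a system that lacks the declaration the mismatch is silent. Guarding each with a configure-time declaration check would limit them to the platforms that need them. The setauthdb one could also move inside the existing `# ifdef HAVE_SETAUTHDB` block just below.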
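Review bot: The warnings in sys_auth_record_login() are silenced by casting away const (`(char *)host`, `(char *)ttynm`), and the same is done for loginfailed() in the record_failed_login() hunk that follows. The casts assume the AIX routines never write through those pointers; that is probably true but is stated nowhere, and record_failed_login() is called in auth.c with the string literal "ssh" as its last argument. A comment such as `/* AIX prototypes lack const; the arguments are not modified */` at each call would record the assumption. sys_auth_record_login() starts and ends outside the hunk.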
@@ -284,9 +290,10 @@ record_failed_login(const char *user, const char *hostname, const char *ttyname) aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG - loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); + loginfailed((char *)user, (char *)hostname, (char *)ttyname, + AUDIT_FAIL_AUTH); # else - loginfailed((char *)user, hostname, (char *)ttyname); + loginfailed((char *)user, (char *)hostname, (char *)ttyname); # endif aix_restoreauthdb(); } -- cgit v1.2.3 From 92170a862634bf9ebe958cc75911658d18e30538 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 17:08:23 +1100 Subject: - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@ --- ChangeLog | 7 ++++++- auth-passwd.c | 12 ++++++------ openbsd-compat/port-aix.c | 1 - 3 files changed, 12 insertions(+), 8 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 98cdf96aa..633d70c36 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,11 @@ - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 [sshd.c] Provide reason in error message if getnameinfo fails; ok markus@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call + disable_forwarding() from compat library. Prevent linker errrors trying + to resolve it for binaries other than sshd. ok djm@ + + when 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2107,4 +2112,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3644 2005/02/08 22:53:48 dtucker Exp $ +$Id: ChangeLog,v 1.3645 2005/02/09 06:08:23 dtucker Exp $ diff --git a/auth-passwd.c b/auth-passwd.c index fb14f5ce4..27ece3f72 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
@@ -73,7 +73,7 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; - int ok = authctxt->valid; + int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif @@ -110,14 +110,14 @@ auth_password(Authctxt *authctxt, const char *password) #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) if (!expire_checked) { expire_checked = 1; - if (auth_shadow_pwexpired(authctxt)) { - disable_forwarding(); + if (auth_shadow_pwexpired(authctxt)) authctxt->force_pwchange = 1; - } } #endif - - return (sys_auth_passwd(authctxt, password) && ok); + result = sys_auth_passwd(authctxt, password); + if (authctxt->force_pwchange) + disable_forwarding(); + return (result && ok); } #ifdef BSD_AUTH diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 27ab06158..b16988543 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -196,7 +196,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) break; case 1: /* expired, password change required */ ctxt->force_pwchange = 1; - disable_forwarding(); break; default: /* user can't change(2) or other error (-1) */ logit("Password can't be changed for user %s: %.100s", -- cgit v1.2.3 From 15af68f767e31d07c474c37d6af7cadcbcdb82ce Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 11 Feb 2005 18:32:13 +1100 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. --- ChangeLog | 3 ++- openbsd-compat/fake-rfc2553.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 2c932661c..82e4550db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. + - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. 20050210 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the 
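Review bot: In `auth_password`, the forwarding restriction for an expired password now rests on the single check `if (authctxt->force_pwchange) disable_forwarding();` placed after `sys_auth_passwd()`, because the port-aix.c hunk of this commit removes the call from the `case 1` branch. Any return from `auth_password` that precedes this point, and any other caller of `sys_auth_passwd()`, would leave forwarding enabled for an account that must change its password. The start of the function is outside the hunk, so whether such an earlier return exists could not be checked here. A comment above the check would keep the call from being moved back later, for example `/* sys_auth_passwd() may set force_pwchange; disable forwarding here, the compat library must not call disable_forwarding() */`.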
@@ -2122,4 +2123,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3649 2005/02/11 05:11:49 dtucker Exp $ +$Id: ChangeLog,v 1.3650 2005/02/11 07:32:13 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index baea07038..636792ed7 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -117,6 +117,7 @@ struct sockaddr_in6 { # define EAI_NODATA 1 # define EAI_MEMORY 2 # define EAI_NONAME 3 +# define EAI_SYSTEM 4 #endif #ifndef HAVE_STRUCT_ADDRINFO -- cgit v1.2.3 From 691d5235ca9485877e8345269b1be4b2cf1be322 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 21:45:57 +1100 Subject: - (dtucker) [README.platform auth.c configure.ac loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@ --- ChangeLog | 6 ++++- README.platform | 11 ++++++++- auth.c | 2 +- configure.ac | 62 +++++++++++++++++++++++++++++++++++++++++++++-- loginrec.c | 6 +++-- openbsd-compat/port-aix.c | 45 ++++++++++++++++++++++++++++------ openbsd-compat/port-aix.h | 22 ++++++++++++++--- 7 files changed, 136 insertions(+), 18 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index a55a3b3d7..9b0b3e2af 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,9 @@ 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. @@ -2126,4 +2130,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3651 2005/02/15 10:26:32 dtucker Exp $ +$Id: ChangeLog,v 1.3652 2005/02/15 10:45:57 dtucker Exp $ diff --git a/README.platform b/README.platform index 880b83c63..136304a8e 100644 --- a/README.platform +++ b/README.platform @@ -13,6 +13,15 @@ Accounts in this state must have their passwords reset manually by the administrator. As a precaution, it is recommended that the administrative passwords be reset before upgrading from OpenSSH <3.8. +As of OpenSSH 4.0, configure will attempt to detect if your version +and maintenance level of AIX has a working getaddrinfo, and will use it +if found. This will enable IPv6 support. If for some reason configure +gets it wrong, or if you want to build binaries to work on earlier MLs +than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS +to force the previous IPv4-only behaviour. + +IPv6 known to work: 5.2ML2 5.2ML5 +IPv6 known broken: 4.3.3ML11 5.1ML4 Cygwin ------ @@ -27,4 +36,4 @@ Currently, sshd does not support BSM auditting. This can show up as errors when editting cron entries via crontab. See. http://bugzilla.mindrot.org/show_bug.cgi?id=125 -$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $ +$Id: README.platform,v 1.3 2005/02/15 10:45:57 dtucker Exp $ diff --git a/auth.c b/auth.c index e6dcab209..256807683 100644 --- a/auth.c +++ b/auth.c 
@@ -209,7 +209,7 @@ allowed_user(struct passwd * pw) } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw)) + if (!sys_auth_allowed_user(pw, &loginmsg)) return 0; #endif diff --git a/configure.ac b/configure.ac index 2df8a5e87..b27f0cf70 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.241 2005/02/11 05:11:49 dtucker Exp $ +# $Id: configure.ac,v 1.242 2005/02/15 10:45:57 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -135,7 +135,7 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) - AC_DEFINE(BROKEN_GETADDRINFO) + check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) 
@@ -1146,6 +1146,64 @@ main(void) ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(AIX_GETNAMEINFO_HACK, [], +[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + if test "x$check_for_conflicting_getspnam" = "x1"; then AC_MSG_CHECKING(for conflicting getspnam in shadow.h) AC_COMPILE_IFELSE( diff --git a/loginrec.c b/loginrec.c index c033582ad..8f5061cdc 100644 --- a/loginrec.c +++ b/loginrec.c @@ -164,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.66 2005/02/15 10:45:57 dtucker Exp $"); /** ** prototypes for helper functions in this file 
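Review bot: The new `AC_TRY_RUN` has no cross-compiling argument, so a cross build cannot answer the getaddrinfo question and does not fall back to the documented IPv4-only behaviour. A fourth argument such as `[AC_MSG_RESULT(cross-compiling, assuming no) AC_DEFINE(BROKEN_GETADDRINFO)]` would keep the conservative default. Inside the test program, `getnameinfo()` returns an EAI code rather than setting errno, so `perror("getnameinfo")` should be `fprintf(stderr, "getnameinfo failed: %s\n", gai_strerror(err));`. The `AC_DEFINE` description for `AIX_GETNAMEINFO_HACK` also speaks of getaddrinfo, while the wrapper in port-aix.c works around getnameinfo.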
@@ -192,6 +192,8 @@ int lastlog_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); +extern Buffer loginmsg; + /* pick the shortest string */ #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) @@ -441,7 +443,7 @@ login_write(struct logininfo *li) #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && - !sys_auth_record_login(li->username,li->hostname,li->line)) + !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif #ifdef SSH_AUDIT_EVENTS diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b16988543..8ab862f98 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -34,14 +34,13 @@ #ifdef _AIX #include +#include #include "port-aix.h" /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); int setauthdb(const char *, char *); -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -156,7 +155,7 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -186,7 +185,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); 
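Review bot: The definition of `sys_auth_passwd` in port-aix.c gains a third parameter, `Buffer *loginmsg`, but this commit's diffstat lists neither auth-passwd.c nor a header that could carry its prototype. The previous commit on this page calls it as `sys_auth_passwd(authctxt, password)`. If that call site is unchanged, an AIX build either fails on the conflicting prototype or, with no prototype in scope, hands the function an indeterminate pointer that `buffer_append(loginmsg, msg, strlen(msg))` writes through on the password-expiry path. The caller and prototype should be updated in the same commit, for example `result = sys_auth_passwd(authctxt, password, &loginmsg);`, or the two-argument signature should be kept for this function. The body of `sys_auth_passwd` continues outside the hunks shown.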
@@ -219,7 +218,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -246,7 +245,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); @@ -259,7 +258,8 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; @@ -269,7 +269,7 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) success = 1; if (msg != NULL) { debug("AIX/loginsuccess: msg %s", msg); - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } 
@@ -349,4 +349,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 751139004..cc7c43cda 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ /* * @@ -27,6 +27,10 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + #ifdef WITH_AIXAUTHENTICATE # include # include @@ -36,6 +40,8 @@ # include #endif +#include "buffer.h" + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type 
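Review bot: The guard on `sshaix_getnameinfo` tests `!defined(BROKEN_ADDRINFO)`, whereas port-aix.h and configure.ac in this commit use `BROKEN_GETADDRINFO`. The two guards therefore disagree when a builder follows README.platform and forces `-DBROKEN_GETADDRINFO`. Inside the function, `flags & (NI_NUMERICHOST|NI_NUMERICSERV)` is true when either flag is set, although the shortcut fills in both a numeric host and a numeric service. `sin6_port` is printed without `ntohs()`, which gives the right number only on big-endian hosts, and `sa` is cast to `struct sockaddr_in6 *` without comparing `salen` to that structure's size. The fence shows the guard, the condition and the port formatting with these points addressed.

```c
# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)
/* … unchanged: #undef getnameinfo, explanatory comment, signature, locals … */
	if ((flags & NI_NUMERICHOST) != 0 && (flags & NI_NUMERICSERV) != 0 &&
	    sa->sa_family == AF_INET6 && salen >= sizeof(*sa6)) {
		/* … unchanged: sa6 and a6 assignments, all-zeros test … */
			strlcpy(host, "::", hostlen);
			snprintf(serv, servlen, "%u",
			    (unsigned int)ntohs(sa6->sin6_port));
			return 0;
```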
@@ -64,13 +70,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ -- cgit v1.2.3 From 66df70c97d189fb8bdf35a66b42f62bcc0a6e4da Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 16 Feb 2005 13:01:28 +1100 Subject: knf: function names at start of line --- openbsd-compat/bsd-arc4random.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 5284e1af8..1eeb6953b 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -17,7 +17,7 @@ #include "includes.h" #include "log.h" -RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); +RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $"); #ifndef HAVE_ARC4RANDOM @@ -34,7 +34,8 @@ RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $"); static int rc4_ready = 0; static RC4_KEY rc4; -unsigned int arc4random(void) +unsigned int +arc4random(void) { unsigned int r = 0; static int first_time = 1; 
@@ -53,7 +54,8 @@ unsigned int arc4random(void) return(r); } -void arc4random_stir(void) +void +arc4random_stir(void) { unsigned char rand_buf[SEED_SIZE]; int i; -- cgit v1.2.3 From 3c774c52f31b54eccb5a936470d21d196968693b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 22:49:31 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more compiler warnings on AIX. --- ChangeLog | 4 +++- configure.ac | 7 +++++-- openbsd-compat/port-aix.c | 4 ---- openbsd-compat/port-aix.h | 25 ++++++++++++++++++++++++- 4 files changed, 32 insertions(+), 8 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 9d132f981..836cc0dfc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. @@ -2146,4 +2148,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ +$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ diff --git a/configure.ac b/configure.ac index aa6aed6b0..fe6b002d4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.243 2005/02/16 05:19:17 dtucker Exp $ +# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -121,8 +121,11 @@ case "$host" in LIBS="$LIBS -ls" ]) ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],, + [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECL(loginfailed, + AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) AC_TRY_COMPILE( [#include ], diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 8ab862f98..fa6a4ff7b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -37,10 +37,6 @@ #include #include "port-aix.h" -/* These should be in the system headers but are not. */ -int usrinfo(int, char *, int); -int setauthdb(const char *, char *); - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index cc7c43cda..a05ce9703 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ /* * @@ -30,6 +30,9 @@ #ifdef HAVE_SYS_SOCKET_H # include #endif +#ifdef HAVE_UNISTD_H +# include /* for seteuid() */ +#endif #ifdef WITH_AIXAUTHENTICATE # include 
@@ -42,6 +45,26 @@ #include "buffer.h" +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type -- cgit v1.2.3 From 34233830a1f42e95ddad5ff1cff9f9024d422861 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:04:28 +1100 Subject: - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. --- ChangeLog | 8 ++++++-- openbsd-compat/bsd-openpty.c | 2 -- openbsd-compat/inet_ntop.c | 2 -- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index bb126761d..f12f6f906 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ -20050222 +20050226 + - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] + Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + +20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too 20050222 @@ -2163,4 +2167,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3663 2005/02/24 01:12:34 djm Exp $ +$Id: ChangeLog,v 1.3664 2005/02/25 23:04:28 dtucker Exp $ 
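Review bot: `usrinfo` and `setauthdb` are still declared unconditionally here, while the five prototypes added below them are guarded by `HAVE_DECL_*`. If some AIX level does declare them, or declares them with different qualifiers, the header stops compiling. Adding both names to the `AC_CHECK_DECLS` list in configure.ac and wrapping them the same way, for example `#if (HAVE_DECL_SETAUTHDB == 0)`, would make the block consistent. A one-line comment is also worth adding to say that `#if (HAVE_DECL_X == 0)` is true as well when the macro is undefined, so this header relies on config.h being included first.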
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index daf5f8b81..8eb62b7a8 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } -#ifndef HAVE_CYGWIN /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ -#endif /* HAVE_CYGWIN */ return (0); diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c index 7031625b4..47796c370 100644 --- a/openbsd-compat/inet_ntop.c +++ b/openbsd-compat/inet_ntop.c @@ -35,9 +35,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex #include #include #include -#ifndef HAVE_CYGWIN #include -#endif #include #include #include -- cgit v1.2.3 From 3804903a094f41d09e8b294dbd69a846dcf7fe94 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:07:37 +1100 Subject: - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com. --- ChangeLog | 5 ++++- acconfig.h | 5 +---- configure.ac | 3 +-- openbsd-compat/bsd-misc.c | 13 +------------ openbsd-compat/bsd-misc.h | 6 +----- 5 files changed, 8 insertions(+), 24 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index f12f6f906..b7e3635d6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,9 @@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. 20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too @@ -2167,4 +2170,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3664 2005/02/25 23:04:28 dtucker Exp $ +$Id: ChangeLog,v 1.3665 2005/02/25 23:07:37 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index 014413505..5721f65fb 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -52,9 +52,6 @@ #undef SPT_TYPE #undef SPT_PADCHAR -/* setgroups() NOOP allowed */ -#undef SETGROUPS_NOOP - /* SCO workaround */ #undef BROKEN_SYS_TERMIO_H diff --git a/configure.ac b/configure.ac index fae62d609..94d127299 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.247 2005/02/24 01:12:35 djm Exp $ +# $Id: configure.ac,v 1.248 2005/02/25 23:07:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -158,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 1b276b4f4..41f92cce9 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c 
@@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -122,17 +122,6 @@ int truncate(const char *path, off_t length) } #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -/* - * Cygwin setgroups should be a noop. - */ -int -setgroups(size_t size, const gid_t *list) -{ - return (0); -} -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) int nanosleep(const struct timespec *req, struct timespec *rem) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 33a1d707f..b61ec4244 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { -- cgit v1.2.3